Here's the idea! Two subnets as follows
       Subnet A                               Subnet B
     | dsl modem | <---(openvpn)----------> | dsl modem |
           |                                      |
           V                                      V
  +------------------+                   +----------------+
  |     cheap A      |                   |    cheap B     |
  | linksys wireless |                   | dlink wireless |
  |      router      |                   |     router     |
  +------------------+                   +----------------+
           |                                      |
      +----+-----+                           +----+-----+
      |          |                           |          |
   +----+     +----+                      +----+     +----+
   | A1 |     | A2 |                      | B1 |     | B2 |
   +----+     +----+                      +----+     +----+
Now by "cheap" above I mean that the routers support VPN passthru only, no place
for routing tables, only port forward.
Now for the addresses:
Subnet A: Internal IP: 192.168.1.0/24
Subnet B: Internal IP: 192.168.11.0/24
A1 IP addr: 192.168.1.101
A2 IP addr: 192.168.1.103
B1 IP addr: 192.168.11.2
B2 IP addr: 192.168.11.6
OpenVPN IP:
Server (on B1): 192.168.166.1
Client1 (on A1): 192.168.166.6
Using TAP (routing) not TUN (bridge) which is a whole separate story as I cannot
"bridge" the adaptors on WinXP SP2 Home Edition.
IPRouting is enabled on A1 and B1.
No software firewalls
Port forwarded by 'cheap' routers and DSL modems
Route tables have been updated (either manually in the case of A2/B2 or through
OpenVPN config on A1/B1) on the four computers as follows:
On A1: push "route 192.168.11.0 255.255.255.0" (in server config)
       iroute 192.168.1.0 255.255.255.0 (in ccd file on server)
On A2: Route Add 192.168.11.0 mask 255.255.255.0 192.168.1.101
On B1: Route 192.168.1.0 255.255.255.0 (in server config)
On B2: Route Add 192.168.1.0 mask 255.255.255.0 192.168.11.2
Now...
On A subnet, everything checks out as follows.. (expected results)
Ping (from 192.168.1.101) 192.168.1.103 ---> good
Ping (from 192.168.1.103) 192.168.1.101 ---> good
On B subnet, everything checks out as follows.. (expected results)
Ping (from 192.168.11.2) 192.168.11.6 ---> good
Ping (from 192.168.11.6) 192.168.11.2 ---> good
Now from A1 to B subnet
Ping (from 192.168.1.101) 192.168.11.2 ----> good
Ping (from 192.168.1.101) 192.168.11.6 ----> good
Now from A2 to B subnet
Ping (from 192.168.1.103) 192.168.11.2 ----> good
Ping (from 192.168.1.103) 192.168.11.6 ----> good
Now from B1 to A subnet
Ping (from 192.168.11.2) 192.168.1.101 ----> good
Ping (from 192.168.11.2) 192.168.1.103 ----> BAD!!!!!
Now from B2 to A subnet
Ping (from 192.168.11.6) 192.168.1.101 ----> good
Ping (from 192.168.11.6) 192.168.1.103 ----> good
So, everyone can see everyone except B1 cannot see A2, BUT A2 can see B1
Now a Tracert....
Tracert (B2) 192.168.1.103 shows the path going to B1 (192.168.11.2) then into
the VPN (192.168.166.6)
Tracert (B1) 192.168.1.103 shows the path going into VPN (192.168.166.6)
then......
BUT
Tracert (B1) 192.168.1.101 shows the path going straight to A1 (192.168.1.101)
And
Tracert (A2) 192.168.11.2 shows the path going to A1 (192.168.1.101) then into
the VPN (192.168.166.1)
Tracert (A1) 192.168.11.2 shows the path going "straight" to B1
Now WHAT GIVES? Why can't B1 see A2? Basically, the OpenVPN server cannot
see/ping computers on the same subnet as the client, yet computers on the same
subnet as the server can????
Stan
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users